Hi,
i was reading around the web about vulnerabilities like the Universal PDF XSS (linked below)

http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/

and i was thinking how to use this kind of vuln (where an attacker is able to execute arbitrary javascript code in a security zone different from the internet security zone) to do more.

I already know that with a simple XMLHttpRequest i'm able to upload files to a remote server and i already know that if the victim is using IE i can use vbscript/activex to obtain remote code execution.

But what can i do if the victim browser is Safari/Chrome/Opera to obtain remote code execution/download arbitrary files to the victim pc???

PDF is joke, unless they haven't turned of Javascript in PDF, it's almost too easy. I don't even bother to look into PDF exploits, it's like launching Java applets; no brains involved. You don't even need an exploit, just ask permission to launch it. That's it.

Let's assume that i found a vulnerability that allow an attacker to execute arbitrary javascript code in the local security zone of a web browser. If this vulnerability was found inside Internet Explorer i can use Activex/vbscript to obtain code execution/download arbitrary files. But what i can do if this kind of vulnerability is found in a browser like Mozilla Firefox/Google Chrome/Safari/Opera?

I know that is possible to use XMLHttpRequest to upload arbitrary files to a remote server but what else?